Static task: static1
Behavioral task: behavioral1
Sample: 9c29815522b332584d5cc77b61b2f4cb_mafia_JC.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: 9c29815522b332584d5cc77b61b2f4cb_mafia_JC.exe
Resource: win10v2004-20230703-en
General
Target: 9c29815522b332584d5cc77b61b2f4cb_mafia_JC.exe
Size: 982KB
MD5: 9c29815522b332584d5cc77b61b2f4cb
SHA1: 37c3717aad43f59ebac0a472a7b4c26ac99e88b7
SHA256: a790b5607d26615da5a4ffedc35bed8cc03782205b72c77bf1e325436ce58c81
SHA512: 26a9fb6ededafe32c17aa6c48a9c55c72ec9c0d49854c3a823137a74d8f181bc438fdc3e47b4203f92d22bc66b34e0dd11fd8bd0c5d31e43d9daa0ef2bec70f2
SSDEEP: 24576:CH+t2Oz/z9W3lpCh2epZ4G4aDzRT0L2QI0e+:Q4b83lY2epZFXN0qQI4
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource 9c29815522b332584d5cc77b61b2f4cb_mafia_JC.exe
Files
9c29815522b332584d5cc77b61b2f4cb_mafia_JC.exe.exe windows x86
9f4a60a05f0d26512751ef8df2cdf827
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
gdiplus
GdipDrawImageI
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdiplusShutdown
GdiplusStartup
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFile
GdipCloneImage
GdipDisposeImage
GdipFillRectangle
GdipDrawLine
GdipCreateLineBrushFromRect
GdipDeleteFont
GdipCreateFontFromDC
GdipMeasureString
GdipDrawString
GdipFillRectangleI
GdipDrawPath
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen1
GdipCreateLineBrushFromRectI
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipAlloc
GdipFree
GdipGetImageHeight
GdipGetImageWidth
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
winhttp
WinHttpOpen
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpWriteData
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
kernel32
CloseHandle
CreateThread
FreeResource
LocalAlloc
LocalFree
CreateFileW
ReadFile
FlushFileBuffers
GetFileSize
GetTempPathW
GetTempFileNameW
DeleteFileW
MoveFileW
FindFirstFileW
FindNextFileW
FindClose
FreeLibrary
LoadLibraryW
GetModuleFileNameW
CreateDirectoryW
GlobalLock
WriteFile
GlobalUnlock
SetEvent
WaitForSingleObject
TerminateThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
GetCurrentProcess
GetLastError
GetFileAttributesW
GetVersion
SetLastError
SetFilePointer
Sleep
TerminateProcess
GetProcessHeap
HeapAlloc
lstrlenW
HeapFree
WaitForMultipleObjects
GlobalFree
CopyFileW
GetCurrentThreadId
MoveFileExW
GetExitCodeProcess
GetNativeSystemInfo
GetFileSizeEx
GlobalAlloc
GetTickCount
GetFileAttributesExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetUserDefaultUILanguage
InterlockedDecrement
GetLocalTime
GetFirmwareEnvironmentVariableW
FileTimeToDosDateTime
SystemTimeToFileTime
FileTimeToSystemTime
GetFileType
DuplicateHandle
GetFileInformationByHandle
GetSystemTime
GetModuleHandleExW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleHandleW
GetProcAddress
InterlockedExchange
LoadLibraryA
RaiseException
HeapDestroy
HeapReAlloc
HeapSize
InterlockedIncrement
InterlockedCompareExchange
GetStringTypeW
InitializeCriticalSection
EncodePointer
DecodePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
SetEndOfFile
CompareStringW
SetEnvironmentVariableA
OutputDebugStringW
SetCriticalSectionSpinCount
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RtlUnwind
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
HeapCreate
IsProcessorFeaturePresent
ExitProcess
GetStdHandle
SetHandleCount
GetLocaleInfoW
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
ExpandEnvironmentStringsW
user32
LoadCursorW
SetCursor
GetWindow
BringWindowToTop
AttachThreadInput
GetForegroundWindow
GetWindowThreadProcessId
RegisterWindowMessageW
DestroyWindow
GetDesktopWindow
GetCursorPos
GetSystemMetrics
LoadImageW
SetTimer
SetDlgItemTextW
GetWindowDC
ReleaseDC
GetWindowLongW
CreateDialogParamW
DialogBoxParamW
DefWindowProcW
ScreenToClient
GetParent
MessageBoxW
IsWindowEnabled
GetClientRect
TrackMouseEvent
EndPaint
BeginPaint
GetPropW
SetPropW
PostMessageW
DrawFocusRect
GetDialogBaseUnits
GetSysColor
ExitWindowsEx
GetKeyState
EndDialog
GetWindowRect
GetDC
InvalidateRect
IsWindow
EnableWindow
SetWindowLongW
CallWindowProcW
HideCaret
SendMessageW
SetWindowTextW
SendDlgItemMessageW
ShowWindow
SetWindowPos
GetDlgItem
SetFocus
KillTimer
gdi32
GetStockObject
SetBkMode
SetBrushOrgEx
StretchBlt
GetObjectW
CreatePatternBrush
DeleteObject
CreateFontIndirectW
ExtTextOutW
GetTextMetricsW
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
SetTextColor
SetBkColor
advapi32
AdjustTokenPrivileges
AllocateAndInitializeSid
RegOpenKeyW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
RegLoadKeyW
RegDeleteValueW
ControlService
QueryServiceStatus
RegDeleteKeyW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
CryptGetHashParam
InitializeSecurityDescriptor
GetUserNameW
LookupAccountSidW
SetSecurityDescriptorDacl
SetFileSecurityW
FreeSid
OpenProcessToken
LookupPrivilegeValueW
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptGenKey
CryptExportKey
CryptDestroyHash
CryptVerifySignatureW
CryptHashData
CryptAcquireContextW
CryptImportKey
CryptGetKeyParam
CryptCreateHash
SetEntriesInAclW
shell32
ShellExecuteExW
ShellExecuteW
SHGetFolderPathW
SHGetKnownFolderPath
Shell_NotifyIconW
ole32
CoSetProxyBlanket
CoTaskMemFree
CoInitialize
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitializeEx
GetHGlobalFromStream
CreateStreamOnHGlobal
StringFromCLSID
CoCreateGuid
oleaut32
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
OleCreatePictureIndirect
SysAllocString
SysFreeString
VariantInit
VariantClear
VariantChangeType
SysStringLen
shlwapi
PathAppendW
PathStripPathW
PathFindExtensionW
PathFindFileNameW
StrToIntExW
PathAddBackslashW
PathRemoveExtensionW
PathRemoveFileSpecW
PathFileExistsW
crypt32
CryptDecodeObjectEx
CryptStringToBinaryW
Sections
.text Size: 369KB - Virtual size: 369KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 452KB - Virtual size: 451KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ